added enabledProtocols param for TlsSocketFactory

lampa-app · May 16, 2024 · dcc0eb5 · dcc0eb5
1 parent ab1d452
commit dcc0eb5
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 11 deletions.
diff --git a/app/src/main/java/top/rootu/lampa/net/HttpHelper.java b/app/src/main/java/top/rootu/lampa/net/HttpHelper.java
@@ -78,8 +78,13 @@ public static OkHttpClient getOkHttpClient(int timeout) {
         }
         try {
             // use Conscrypt for TLS on Android < 10 and trust all certs
-            if (!Helpers.isBrokenTCL() && !Helpers.isWisdomShare() && Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
-                builder.sslSocketFactory(new TlsSocketFactory(), TlsSocketFactory.trustAllCerts);
+            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q
+                    || (!Helpers.isBrokenTCL() && !Helpers.isWisdomShare())
+            ) {
+                builder.sslSocketFactory(
+                        new TlsSocketFactory(TlsSocketFactory.TLS_MODERN),
+                        TlsSocketFactory.trustAllCerts
+                );
                 builder.hostnameVerifier((hostname, session) -> true);
             }
             // https://github.com/square/okhttp/issues/3894

diff --git a/app/src/main/java/top/rootu/lampa/net/TlsSocketFactory.java b/app/src/main/java/top/rootu/lampa/net/TlsSocketFactory.java
@@ -18,24 +18,36 @@
 
 public class TlsSocketFactory extends SSLSocketFactory {
     private static Provider conscrypt;
-    private static final String[] TLS_COMPAT = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
-    private static final String[] TLS_MODERN = {"TLSv1.2", "TLSv1.3"};
-    final SSLSocketFactory delegate;
+    public static final String[] TLS_MODERN = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
+    public static final String[] TLS_RESTRICTED = {"TLSv1.2", "TLSv1.3"};
+    private final String[] enabledProtocols;
+    private final SSLSocketFactory delegate;
     public static final X509TrustManager trustAllCerts = new IgnoreSSLTrustManager();
 
+    public TlsSocketFactory(String[] enabledProtocols) throws KeyManagementException, NoSuchAlgorithmException {
+        this.enabledProtocols = enabledProtocols;
+        this.delegate = getSocketFactory();
+    }
+
     public TlsSocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
+        this.enabledProtocols = TLS_RESTRICTED;
+        this.delegate = getSocketFactory();
+    }
+
+    public TlsSocketFactory(SSLSocketFactory base) {
+        this.enabledProtocols = TLS_RESTRICTED;
+        this.delegate = base;
+    }
+
+    private static SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
         if (TlsSocketFactory.conscrypt == null) {
             TlsSocketFactory.conscrypt = Conscrypt.newProvider();
             // Add as provider
             Security.insertProviderAt(conscrypt, 1);
         }
         SSLContext context = SSLContext.getInstance("TLS", TlsSocketFactory.conscrypt);
         context.init(null, new TrustManager[]{trustAllCerts}, null);
-        this.delegate = context.getSocketFactory();
-    }
-
-    public TlsSocketFactory(SSLSocketFactory base) {
-        this.delegate = base;
+        return context.getSocketFactory();
     }
 
     @Override
@@ -80,7 +92,7 @@ public Socket createSocket(InetAddress address, int port, InetAddress localAddre
 
     private Socket patch(Socket s) {
         if (s instanceof SSLSocket) {
-            ((SSLSocket) s).setEnabledProtocols(TLS_COMPAT);
+            ((SSLSocket) s).setEnabledProtocols(enabledProtocols);
         }
         return s;
     }